PT-2024-21637 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to the latest version Description: The issue affects Discourse, an open source platform for community discussion. Users allowed to invite others can inject arbitrarily large data in parameters used in the invite route...

CVE-2024-2363

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in AOL AIM Triton 1.0.4. It has been declared as problematic. This vulnerability affects unknown code of the component Invite Handler. The manipulation of the argument CSeq leads to denial of service. The attack can be initiated remotely. The...

CVE-2024-2363 AOL AIM Triton Invite denial of service

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in AOL AIM Triton 1.0.4. It has been declared as problematic. This vulnerability affects unknown code of the component Invite Handler. The manipulation of the argument CSeq leads to denial of service. The attack can be initiated remotely. The...

CVE-2024-2363

CVE-2024-2363 affects AOL AIM Triton 1.0.4, specifically the Invite Handler component. The root cause is manipulation of the CSeq argument, which leads to a remote denial of service. Public exploit details exist, and the vulnerability is associated with products no longer maintained. No patch/ver...

PT-2024-19983 · Aol · Aol Aim Triton

Name of the Vulnerable Software and Affected Versions: AOL AIM Triton version 1.0.4 Description: A vulnerability was found in the Invite Handler component, where the manipulation of the CSeq argument leads to denial of service. The attack can be initiated remotely. This issue affects products tha...

AOL AIM Triton Security Breach

AOL AIM Triton is an instant messaging software from AOL. A security vulnerability exists in AOL AIM Triton version 1.0.4, which stems from a denial of service due to the parameter CSeq of the component Invite Handler...

BIT-GITLAB-2021-22243

Under specialized conditions, GitLab CE/EE versions starting 7.10 may allow existing GitLab users to use an invite URL meant for another email address to gain access into a group...

BIT-DISCOURSE-2022-31096 Invites restricted to an email or invite links restricted to an email domain may be bypassed by a under certain conditions in Discourse

Discourse is an open source discussion platform. Under certain conditions, a logged in user can redeem an invite with an email that either doesn't match the invite's email or does not adhere to the email domain restriction of an invite link. The impact of this flaw is aggravated when the invite h...

BIT-MATTERMOST-2023-1774

When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an attacker to invite themselves to a private channel...

BIT-GRAFANA-2022-39306 Grafana contains Improper Input Validation

Grafana is an open-source platform for monitoring and observability. Versions prior to 9.2.4, or 8.5.15 on the 8.X branch, are subject to Improper Input Validation. Grafana admins can invite other members to the organization they are an admin for. When admins add members to the organization, non...

Mattermost Authorization Issue Vulnerability (CNVD-2024-13545)

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an authorization issue vulnerability that stems from an inability to check the "inviteguest" permission when inviting people from other teams to join the team. A privileged...

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an authorization issue vulnerability that stems from an inability to check the "inviteguest" permission when inviting people from other teams to join the team. A privileged...

Operation on a Resource after Expiration or Release

Overview Affected versions of this package are vulnerable to Operation on a Resource after Expiration or Release due to the password reset functionality. An attacker can accept an invitation for an unlimited amount of time by exploiting the lack of validation for the pending invitation's expiry...

Operation on a Resource after Expiration or Release

Overview Affected versions of this package are vulnerable to Operation on a Resource after Expiration or Release due to the password reset functionality. An attacker can accept an invitation for an unlimited amount of time by exploiting the lack of validation for the pending invitation's expiry...

CVE-2023-5006

The WP Discord Invite WordPress plugin before 2.5.1 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in administrator to submit a crafted request...

CVE-2023-5006 WP Discord Invite < 2.5.1 - Arbitrary Settings Update via CSRF

The WP Discord Invite WordPress plugin before 2.5.1 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in administrator to submit a crafted request...

CVE-2023-5006

CVE-2023-5006 (WP Discord Invite) : The WordPress plugin WP Discord Invite is vulnerable to a CSRF flaw in versions before 2.5.1, enabling an unauthenticated attacker to cause actions on behalf of an authenticated admin by tricking them into submitting crafted requests. Public details confirm the...

PT-2024-13853 · WordPress · Wp Discord Invite

Name of the Vulnerable Software and Affected Versions: WP Discord Invite WordPress plugin versions prior to 2.5.1 Description: The issue allows an unauthenticated attacker to perform actions on behalf of a logged-in administrator by tricking them into submitting a crafted request, due to a lack o...

WordPress Plugin WP Discord Invite Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

FreeSWITCH 1.10.10 Denial Of Service Vulnerability

When handling DTLS-SRTP for media setup, FreeSWITCH version 1.10.10 is susceptible to denial of service due to a race condition in the hello handshake phase of the DTLS protocol. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. FreeSWITCH...